| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | PRODUCT | CWE | RISK | SCORE |
|---|---|---|---|---|---|---|---|---|---|
| 2024-02-09 | CVE-2024-25674 | Unrestricted Upload of File with Dangerous Type vulnerability in Misp | An issue was discovered in MISP before 2.4.184. | network | low complexity | misp | CWE-434 | critical | 9.8 |
| 2024-02-09 | CVE-2024-25675 | Unspecified vulnerability in Misp | An issue was discovered in MISP before 2.4.184. | network | low complexity | misp | | critical | 9.8 |
| 2023-12-15 | CVE-2023-50918 | Unspecified vulnerability in Misp | app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs. | network | low complexity | misp | | critical | 9.8 |
| 2023-02-20 | CVE-2022-48328 | Improper Handling of Exceptional Conditions vulnerability in Misp | app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters. | network | low complexity | misp | CWE-755 | critical | 9.8 |
| 2023-02-20 | CVE-2022-48329 | Improper Handling of Exceptional Conditions vulnerability in Misp | MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php. | network | low complexity | misp | CWE-755 | critical | 9.8 |
| 2022-04-20 | CVE-2022-29528 | Deserialization of Untrusted Data vulnerability in Misp | An issue was discovered in MISP before 2.4.158. | network | low complexity | misp | CWE-502 | critical | 9.8 |
| 2021-09-17 | CVE-2021-41326 | Unspecified vulnerability in Misp | In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call. | network | low complexity | misp | | critical | 9.8 |
| 2021-08-19 | CVE-2021-39302 | SQL Injection vulnerability in Misp 2.4.148 | MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions['org'] value. | network | low complexity | misp | CWE-89 | critical | 9.8 |
| 2021-06-25 | CVE-2021-35502 | Unspecified vulnerability in Misp 2.4.144 | app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanitize certain data related to generic-template:index. | network | low complexity | misp | | critical | 9.8 |
| 2021-01-19 | CVE-2021-25323 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Misp 2.4.136 | The default setting of MISP 2.4.136 did not enable the requirements (aka require_password_confirmation) to provide the previous password when changing a password. | network | low complexity | misp | CWE-640 | critical | 9.1 |